diff options
author | TingPing <tingping@tingping.se> | 2013-11-02 02:05:55 -0400 |
---|---|---|
committer | TingPing <tingping@tingping.se> | 2013-11-02 21:07:03 -0400 |
commit | af248ce2c17416ed33e9feb3d248347ee86f02e4 (patch) | |
tree | 26b7f1b9bf44c727049ffc58c7b16c51decb2626 /src/common | |
parent | 7e6f37b4cd68a520e808ac642a2750d5d60c0aa8 (diff) |
Fix invalid timestamps crashing on Windows
Diffstat (limited to 'src/common')
-rw-r--r-- | src/common/text.c | 11 | ||||
-rw-r--r-- | src/common/util.c | 78 | ||||
-rw-r--r-- | src/common/util.h | 2 |
3 files changed, 81 insertions, 10 deletions
diff --git a/src/common/text.c b/src/common/text.c index 0b66c5fd..58d3b45c 100644 --- a/src/common/text.c +++ b/src/common/text.c @@ -542,7 +542,7 @@ log_create_pathname (char *servname, char *channame, char *netname) /* insert time/date */ now = time (NULL); tm = localtime (&now); - strftime (fnametime, sizeof (fnametime), fname, tm); + strftime_validated (fnametime, sizeof (fnametime), fname, tm); /* create final path/filename */ if (logmask_is_fullpath ()) @@ -649,14 +649,7 @@ get_stamp_str (char *fmt, time_t tim, char **ret) fmt = loc; } - len = strftime (dest, sizeof (dest), fmt, localtime (&tim)); -#ifdef WIN32 - if (!len) - { - /* use failsafe format until a correct one is specified */ - len = strftime (dest, sizeof (dest), "[%H:%M:%S]", localtime (&tim)); - } -#endif + len = strftime_validated (dest, sizeof (dest), fmt, localtime (&tim)); if (len) { if (prefs.utf8_locale) diff --git a/src/common/util.c b/src/common/util.c index cb6181c4..6e912169 100644 --- a/src/common/util.c +++ b/src/common/util.c @@ -25,6 +25,7 @@ #include <stdio.h> #include <string.h> #include <stdlib.h> +#include <time.h> #include <sys/types.h> #include <sys/stat.h> @@ -2287,3 +2288,80 @@ challengeauth_response (char *username, char *password, char *challenge) return (char *) digest; } #endif + +/** +* \brief Wrapper around strftime for Windows +* +* Prevents crashing when using an invalid format by escaping them. +* +* Behaves the same as strftime with the addition that +* it returns 0 if the escaped format string is too large. +* +* Based upon work from znc-msvc project. +*/ +size_t +strftime_validated (char *dest, size_t destsize, const char *format, const struct tm *time) +{ +#ifndef WIN32 + return strftime (dest, destsize, format, time); +#else + char safe_format[64]; + const char *p = format; + int i = 0; + + if (strlen (format) >= sizeof(safe_format)) + return 0; + + memset (safe_format, 0, sizeof(safe_format)); + + while (*p) + { + if (*p == '%') + { + int has_hash = (*(p + 1) == '#'); + char c = *(p + (has_hash ? 2 : 1)); + + if (i >= sizeof (safe_format)) + return 0; + + switch (c) + { + case 'a': case 'A': case 'b': case 'B': case 'c': case 'd': case 'H': case 'I': case 'j': case 'm': case 'M': + case 'p': case 'S': case 'U': case 'w': case 'W': case 'x': case 'X': case 'y': case 'Y': case 'z': case 'Z': + case '%': + /* formatting code is fine */ + break; + default: + /* replace bad formatting code with itself, escaped, e.g. "%V" --> "%%V" */ + g_strlcat (safe_format, "%%", sizeof(safe_format)); + i += 2; + p++; + break; + } + + /* the current loop run will append % (and maybe #) and the next one will do the actual char. */ + if (has_hash) + { + safe_format[i] = *p; + p++; + i++; + } + if (c == '%') + { + safe_format[i] = *p; + p++; + i++; + } + } + + if (*p) + { + safe_format[i] = *p; + p++; + i++; + } + } + + return strftime (dest, destsize, safe_format, time); +#endif +} diff --git a/src/common/util.h b/src/common/util.h index 6b8d359c..0c54411b 100644 --- a/src/common/util.h +++ b/src/common/util.h @@ -83,5 +83,5 @@ char *encode_sasl_pass_plain (char *user, char *pass); char *encode_sasl_pass_blowfish (char *user, char *pass, char *data); char *encode_sasl_pass_aes (char *user, char *pass, char *data); char *challengeauth_response (char *username, char *password, char *challenge); - +size_t strftime_validated (char *dest, size_t destsize, const char *format, const struct tm *time); #endif |